In part three of our extensive study of mobile threats, we discuss malware whose primary purpose is to pinch valuable information.

Our smartphones and tablets know almost everything about us — from contact details to bank card numbers and current location. This information is a goldmine for cybercriminals. As a result, the Web is full of all kinds of pests out to grab anything lying around (or carelessly typed).

Spyware

Spyware is the name given to programs that, yes, spy on people. Like hidden cryptominers, spyware tries to lie low on your smartphone for as long as possible, which tends to make it very difficult to detect.

Some types of spyware steal data — anything from user names and passwords to photos and geolocation data; other types stick to the spy game, recording audio, shooting videos, and so on.

Here’s what such malware is capable of:

Stealing your e-mails and text messages (both SMS and IM) and forwarding them to cybercriminals,

Recording phone conversations,

Sending your device’s GPS coordinates to scammers,

Revealing your browser history and clipboard contents,

Stealing personal or work documents, or any files from your phone,

Turning on the microphone and/or camera and sending out secretly recorded photos, audio, and video,

Stealing social media and online bank account details,

Collecting system information.

For example, the Trojan spyware Skygofree starts recording audio when the owner of the infected device is in a place selected by the spyware operators; it also harvests browser history, user names, passwords, and card numbers. It then connects to Wi-Fi all by itself and transfers the booty.

Keyloggers

Spyware can be general-purpose or specialized. For example, keyloggers are malware programs that log keystrokes on the keyboard. Sure, modern phones have only virtual keys, but that’s even better for keyloggers. Some masquerade as alternative keyboards, making it child’s play to pick up what the user taps.

Banking Trojans

Another specialized breed of spyware, banking Trojans steal data linked to bank cards and apps. These monsters are quite popular with hackers because they provide a direct route into other people’s accounts.

Banking Trojans come in a variety of flavors, and in many cases they combine an array of functions. For example, many can overlay the banking app interface with their own, making it seem as though the user is entering data in the banking app while in fact giving it to the Trojan, which logs the details and feeds them into the banking client so that the user suspects nothing. Also, in many cases, mobile banking Trojans intercept SMS messages from banks containing confirmation codes or information about withdrawals.

The Trojan Faketoken, for example, used windows imitating various apps that might reasonably be expected to request card data, including the CVV code, for entirely legitimate purposes. The program then intercepted the SMS duly sent by the bank and forwarded it to the cybercriminals, whereupon they could perform transactions in the name of the device owner.

How to guard against mobile Trojans

To protect yourself from all this Trojan mischief, it’s worth following these few simple rules:

Download apps only from official stores, such as Google Play. It won’t provide a full security guarantee, but the risk of encountering a Trojan will be considerably lower. We also recommend that you block the installation of software from third-party sources in the device settings.

Don’t forget to install system and application updates — they patch vulnerabilities that criminals can exploit.

Think hard before clicking on dubious links in e-mail or text messages.

Install a good antivirus on your phone and scan the system regularly. For example, Kaspersky Internet Security for Android detects and neutralizes suspicious apps and keeps you away from malicious websites.

Leonid Grustniy

Latest posts:

Share it using the social you like:

Send to Kindle

Enter your email address to subscribe to this blog and receive notifications of new posts by email

*

*

I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.